[Zope-PAS] Re: challenge misunderstandings/problems
Uwe Hoffmann
qual at tiscali.de
Wed Nov 2 17:15:49 EST 2005
To partly answer my own question:
Uwe Hoffmann wrote:
>
> My problem is: if the client hits a protected page the
> gssapi based challenge is run and some headers are set
> (WWW_Authenticate: negotiate) but the body of the resulting 401
> response is always the standard message set in HTTPResponse of
> the HTTPResponse Zope module ("You are not ...").
If I make the following patch, my problem (within the problem's
environment) seems to be solved. I'm not sure what's broken with this
patch (e.g. resp.body is certainly not correct in every case).
*** PluggableAuthService.py 2005-05-27 21:10:45.000000000 +0200
--- PluggableAuthService.py 2005-11-02 23:00:58.000000000 +0100
***************
*** 969,974 ****
--- 969,975 ----
resp._unauthorized_stack = stack
resp._unauthorized = self._unauthorized
resp._has_challenged = False
+ resp.unauthorized = self.unauthorized
#
# Response override
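Review bot: the added `resp.unauthorized = self.unauthorized` replaces the response's public unauthorized() without saving the previous value, while the lines above it keep a `resp._unauthorized_stack` for the `_unauthorized` override. If this code runs more than once for a request, the last assignment wins and the earlier `resp.unauthorized` cannot be restored. Consider recording the previous `resp.unauthorized` alongside the stack entry, and add a comment explaining why the public method needs overriding in addition to `_unauthorized`.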
***************
*** 985,990 ****
--- 986,997 ----
else:
resp._has_challenged = True
+ def unauthorized(self):
+ req = self.REQUEST
+ resp = req['RESPONSE']
+ self._unauthorized()
+ raise Unauthorized(message=resp.body)
+
def challenge(self, request, response):
# Go through all challenge plugins
plugins = self._getOb('plugins')
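Review bot: in the new unauthorized(), `raise Unauthorized(message=resp.body)` uses resp.body unconditionally, without checking `resp._has_challenged`, which the context lines just above set. When no challenge plugin has written a body, the message becomes whatever already sits in the response, which may be empty or may be content rendered before the authorization failure. Suggest passing resp.body only when `resp._has_challenged` is true and raising a plain Unauthorized otherwise. The method also reaches the response through `self.REQUEST` rather than through the response object it was attached to; a short docstring stating that assumption would help.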
>
> def challenge( self, request, response, **kw ):
>     response.addHeader('WWW-Authenticate',
>                        'negotiate')
>     m = "<strong>pipapo</strong>"
>
>     response.setBody(m, is_error=1)
>     response.setStatus(401)
>     return 1
>
> (Actually <strong>pipapo</strong> will be replaced by the form
> which will submit the values for the cookie based
> authentication plugin.)
>
> So it seems that response.setBody is called again.
> Any hints?
>
> regards,
> Uwe